CVE-2012-3354 Information
Description
doku.php in DokuWiki as used in Fedora 16 17 and 18 when certain PHP error levels are set allows remote attackers to obtain sensitive information via the prefix parameter which reveals the installation path in an error message.
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure http://www.mandriva.com/security/advisories?name=MDVSA-2013:073 http://www.openwall.com/lists/oss-security/2012/06/24/2 http://www.openwall.com/lists/oss-security/2012/06/25/2 https://bugzilla.redhat.com/show_bug.cgi?id=835145
Share on: